Method and apparatus for recording information including secret information and method and apparatus for reproduction thereof

ABSTRACT

An information recording method for recording content information in a recording medium having at least re-readable area, comprising converting, based on a first conversion rule φ1, first information including a first component for obtaining content control information, converting, based on a second conversion rule φ2, second information including a second component for obtaining the first information, and writing the converted first information and the converted second information into the re-recordable area of the recording medium.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is based upon and claims the benefit of priority from the prior Japanese Patent Applications No. 2001-312983, filed Oct. 10, 2001, and No. 2001-328079, filed Oct. 25, 2001, the entire contents of both of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to a method and an apparatus for recording information including secret information, effective for recording a content necessitating protection of copyright and a method and an apparatus for reproduction thereof.

[0004] 2. Description of the Related Art

[0005] Recently, any type of information can be digitized and technology capable of distributing such information through transmission media or recording media has been developed, as expressed by the term “digital revolution.” As a result, a great number of people have come to acquire digital information freely. In such an environment, signals such as digital audio signals, digital video signals, relating data which computers handle are recorded in a recording medium. Information transmission and storage are carried out so that the above-described signals are reproduced from the recording medium, information is copied to a read-only medium, transmitted information is reproduced or information is transmitted through a transmission line.

[0006] Recently, as a recording medium capable of recording a large volume of video/audio information, the digital versatile disc (DVD) has been realized. A movie over two hours long is recorded in a DVD and such DVD recorded information is reproduced through a playback apparatus, so that the movie can be watched freely at home.

[0007] DVDs are classified into: read-only DVD-ROMs, DVD-Rs which allow a one-time recording, and DVD-RW, DVD-RAM which allow re-recording.

[0008] DVD-video is a standard currently used which allows a whole movie to be recorded in a single disc. A user can acquire information based on digital signals freely through reproduction of such DVD-video discs or reception of digital broadcasting. Under such circumstances, if the acquired digital signals are copied to a recording medium such as a hard disc and the aforementioned DVD-RAM and encoded with an encoder based on the DVD-video standard, it is possible to copy a disc.

[0009] Thus, in a DVD-video, digital information to be recorded is encrypted. The copy protect method employing cryptography technology functions effectively for a DVD-video disc or DVD-ROM, in which encrypted information is pre-recorded.

[0010] In the field of such information transmission and storage processing, recently, copyright protection is gaining in importance. Particularly, if information necessitating protection of copyright is recorded on an ordinary recording medium, illegal copying needs to be prevented. That is, although an individual having a copyright permits recording of information to only a single recording medium, it is possible to illegally copy the information onto a number of recording media; preventing this is of the utmost importance.

[0011] Because a rewritable or re-recordable recording medium has appeared, generation control information is needed for the content, and its control information includes “copy is prohibited,” “a single copy is permitted,” “copying several times is permitted” and the like.

[0012] Recently, as a concept for content control, such concepts as “move,” “check-out,” and “check-in” have appeared. These words are defined as follows.

[0013] (1) “Move”: Moving the content from a recording area to another recording area. Consequently, the content written into an original recording area is erased.

[0014] (2) “Check-out”: Copy is permitted N times or the content is copied from a recording area (or first recording medium) to another recording area (or second recording medium). The content written into an original recording area is not erased but copy control information N is reduced by one. Of course, if N=0 is reached, the content cannot be copied any more. Although usually, a copied content can be reproduced, this copied content is not permitted to be copied further.

[0015] (3) “Check-in”: When the copy control information of the content in an original recording area is for example, (N−1) times, executing processing for returning that content from the other recording area recorded previously. As a result, the copy control information for controlling the content of the original recording area is increased by one, i.e., changed to N times. It follows that the content written into the other recording area is erased.

[0016] If an information recording/reproducing apparatus which operates according to one of the above concepts is used faithfully to its function, no problem occurs. However, the information recording/reproducing portion may be modified so that the copy control information is made meaningless. Thus, the presence of the copy control information becomes meaningless.

[0017] Technologies for blocking such illegal copy of digital signals are disclosed in Japanese Patent KOKAI Publications No. 9-128990, No. 8-204584, and No. 8-28684.

[0018] The Japanese Patent KOKAI Publication No. 9-128990 discloses a method of recording by replacing a part of an error correction code with specific information (encryption key or the like). According to this method, since a part of the digital data or the error correction code is replaced with the specific information, an error occurs in the replaced portion. Therefore, if the amount of the specific information increases, the error rate of the original data increases, which increases the load on error correction processing.

[0019] According to Japanese Patent KOKAI Publication No. 8-204584, when supplying data subjected to error correction processing to a decoding portion, a correction impossible data portion is replaced with a special code containing a synchronous code so that it can be detected by the decoding portion. The decoding portion recognizes the error portion using the special code to carry out decoding.

[0020] According to the Japanese Patent KOKAI Publication No. 8-286840, encryption is carried out by changing additional information or the position of the additional information in order to prevent illegal copying. The allocation structure of digital data is determined so that a correction impossible state of digital data does not occur due to a data error generated by embedding encryption key information.

[0021] To control the content and control information (including copy control information), encryption and decryption processing is carried out for the content and control information in the information recording/reproducing portion. However, key information for encrypting or decrypting the content or control information may be illegally removed. Consequently, decrypting of the content and control information is enabled, so that it is possible that the content is duplicated illegally into another recording medium or recording area in a large quantity and the content is decrypted.

[0022] In order to prevent such illegal copying, procedures for encryption and decryption need to be improved further. Additionally, the recording medium for recording the content or key information and the recording/reproduction method must also be improved.

BRIEF SUMMARY OF THE INVENTION

[0023] An object of the present invention is to provide a method and apparatus for recording/reproducing information in which concealability in recording or reproduction of key information is improved through use of a cheap recording medium so as to prevent illegal copy of its content.

[0024] Another object of the present invention is to provide a method and apparatus for recording information including secret information, provided with a copyright protection system capable of preventing illegal copy of a recording medium in which information whose copyright is required to be protected is recorded, even in a system comprising a recording/reproducing drive used in a computer environment or the like, and a PC capable of editing information easily.

[0025] According to an embodiment of the present invention, an information recording method for recording content information in a recording medium having at least re-readable area, comprising:

[0026] converting, based on a first conversion rule φ1, first information including a first component for obtaining content control information;

[0027] converting, based on a second conversion rule φ2, second information including a second component for obtaining the first information; and

[0028] writing the converted first information and the converted second information into the re-recordable area of the recording medium.

[0029] Additional objects and advantages of the present invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the present invention.

[0030] The objects and advantages of the present invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out hereinafter.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

[0031] The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the present invention and, together with the general description given above and the detailed description of the embodiments given below, serve to explain the principles of the present invention in which:

[0032] FIGS. 1A and 1B are diagrams for explaining the types of recording media;

[0033] FIG. 2 is an explanatory diagram of the content of information recorded in a recording medium of an embodiment of the present invention;

[0034] FIGS. 3A and 3B are explanatory diagrams showing the information recording structure block of an apparatus according to the embodiment of the present invention;

[0035] FIG. 4 is an explanatory diagram showing the information reproduction structure block of an apparatus according to the embodiment of the present invention;

[0036] FIG. 5 is a block diagram showing recording data processing process employed in a DVD system;

[0037] FIG. 6 is an explanatory diagram showing the structure of a data sector employed in the DVD system;

[0038] FIG. 7 is an explanatory diagram showing the structure of an ECC block employed in the DVD system;

[0039] FIG. 8 is an explanatory diagram showing the structure of a recording sector employed in the DVD system;

[0040] FIG. 9 is an explanatory diagram showing the structure of the ECC block after row interleave processing employed in the DVD system;

[0041] FIG. 10 is an explanatory diagram showing the structure of a physical sector employed in the DVD system;

[0042] FIG. 11 is a diagram showing a part of a conversion table for a modulator which is used in the DVD;

[0043] FIG. 12 is an explanatory diagram showing an example of data flow in case where illegal copy is executed;

[0044] FIG. 13 is an explanatory diagram of a re-recordable area and a re-record disable area in the recording medium (disc);

[0045] FIG. 14 is an explanatory diagram showing an example of a modulation information data block in which information modulated based on a second modulation rule φ2 is inserted;

[0046] FIG. 15 is an explanatory diagram showing an example that information modulated based on the second modulation rule φ2 is embedded in a modulated signal of main data;

[0047] FIG. 16 is an explanatory diagram showing another example that information modulated based on the second modulation rule φ2 is embedded in a modulated signal of main data;

[0048] FIG. 17 is an explanatory diagram showing still another example that information modulated based on the second modulation rule φ2 is embedded in a modulated signal of main data;

[0049] FIG. 18 is an explanatory diagram showing still another example that information modulated based on the second modulation rule φ2 is embedded in a modulated signal of main data;

[0050] FIG. 19 is a diagram showing the block structure in a recording/reproducing apparatus according to another embodiment of the present invention or route of “check-out” processing;

[0051] FIG. 20 is a diagram showing the block structure in the recording/reproducing apparatus according to the other embodiment of the present invention or route of reproduction processing;

[0052] FIG. 21 is a diagram for explaining information on a recording medium in case where the “check-out” and “check-in” are executed in the apparatus of the embodiment of the present invention;

[0053] FIG. 22 is a diagram showing an example of another block structure in the recording/reproducing apparatus according to a still another embodiment of the present invention or route of “check-out” processing;

[0054] FIG. 23 is a diagram showing an example of another block structure in the recording/reproducing apparatus according to the still other embodiment of the present invention or route of reproduction processing;

[0055] FIG. 24 is an explanatory diagram for information in the re-recordable area and re-record disable area of the recording medium (disc) for recording or reproducing information with the apparatus shown in FIGS. 22 and 23;

[0056] FIG. 25 is a diagram for explaining information on the recording medium in case where the “check-out” and “check-in” are carried out with the apparatus shown in FIGS. 22 and 23;

[0057] FIG. 26 is a diagram showing the block structure of a drive according to a further embodiment of the present invention; and

[0058] FIG. 27 is a diagram showing the block structure of a drive according to a still further embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

[0059] A method and apparatus for recording information including secret information and a method and apparatus for reproduction thereof will be now described with reference to the accompanying drawings.

[0060] First Embodiment

[0061] In recent years, various kinds of recording media have been marketed, and are classified as described below. FIG. 1A shows an area of a recording medium called type 0. Most of the recording medium includes an area which information can be recorded on or reproduced from. Such media include video tapes, semiconductor memory (RAM), floppy discs and the like. FIG. 1B shows an area of a recording medium called type 1, which is represented by, for example, an optical disc and a semiconductor memory (RAM) loaded with a nonvolatile memory. The recording medium of type 1 has a re-record disable area (read-only area) and a re-recordable area. Medium ID (disc identification information), key group information KB which is a bundle of keys (master key encrypted with the key of each device) and the like are written into the re-record disable area. The medium ID and information KB are available as a part (namely, a part for generating the key) of a key for encrypting the content.

[0062] If the medium ID or key group information KB, which is a bundle of keys, is recorded in the recording medium of type 0, there is no way but recording in its re-recordable area. Therefore, there is a fear that the medium ID or key group information KB may be easily stolen or rewritten. Thus, the recording media of type 0 are not suitable for recording content necessitating protection of copyright.

[0063] Next, the recording medium of type 1 will be considered. In type 1, the medium ID and key group information KB, which is the bundle of keys, are written into a re-record disable area which enables read-out but disables write-in. Therefore, the medium ID and key group information KB are never rewritten without permission. If the medium ID and the key group information KB are used as a part of a key for encrypting content, a recording medium (first recording medium) and a recording content correspond to each other one to one. That is, even if only the content (all data in the re-recordable area) is copied to another recording medium (second recording medium), signals reproduced from the second recording medium cannot be decrypted accurately because the medium ID and key group information KB of the other recording medium (second recording medium) are different from the medium ID and key group information KB of the first recording medium in terms of the content.

[0064] How the “move,” “check-out,” and “check-in” previously described in (1), (2), and (3) are carried out using the recording medium of type 2 will be described.

[0065] (1) “Move”: Moving the content from a recording area (for example, first recording medium) to another recording area (second recording medium). Consequently, the content written into an original recording area is erased.

[0066] Thus, in this case, control information for the “move” processing permission is recorded in the recording medium. If the content is moved from the first recording medium to the second recording medium, the control information for the “move” processing permission or content to be recorded in the first recording medium is erased or rewritten with meaningless data.

[0067] (2) “Check-out”: Copy is permitted N times or the content is copied from a recording area (first recording medium) to another recording area (second recording medium). The content in an original recording area is not erased but copy control information is reduced to (N−1) times. Of course, if N=0 is reached, the content cannot be copied any more.

[0068] In this case, the copy control information needs to be designed to be changeable, so that the copy control information can be written into the re-recordable area of the first recording medium.

[0069] (3) “Check-in”: When the copy control information of the content in an original recording area is for example, (N−1) times, executing a processing for returning that content from the other recording area recorded previously. As a result, the copy control information for controlling the content of the original recording area is changed to N (=(N−1)+1) times. Thus the content written into the other recording area is erased.

[0070] Thus, in this case also, the copy control information needs to be designed to be changeable, so that the copy control information can be written into the re-recordable area of the first recording medium.

[0071] Encryption/decryption processing is carried out to the content and copy control information (administration information). However, key information for encrypting/decrypting the content and administration information may be illegally stolen.

[0072] Thus, according to the method of an embodiment of the present invention, the key information which encrypts the content and administration information is also encrypted and written into the re-recordable area. Because the encrypted key information is written into the re-recordable area, the encrypted key information may be rewritten illegally. Thus, the second key information (random number), which encrypts the key information, is also encrypted and recorded in the re-recordable area.

[0073] According to the embodiment of the present invention, the encrypted key information is written into the re-recordable area such that the encrypted key information can be written into and read-out from the based on the first conversion/inverse-conversion rule like the encrypted content and administration information and the encrypted second key information is written into the re-recordable area such that the encrypted second key information can be written into and read-out from the based on the second conversion/inverse-conversion rule. The second conversion/inverse-conversion rule executes conversion/inverse-conversion inside an information recording/reproducing apparatus. That is, information affected by the second conversion/inverse-conversion rule is protected from being introduced out of the information recording/reproducing apparatus. As a result, the encrypted second key information, which is to be recorded/reproduced based on the second conversion/inverse-conversion rule, has a very high concealability.

[0074] FIG. 2 is an explanatory diagram showing areas in a recording medium for recording/reproduction based on the method of the present invention and its internal information. A re-record disable area 2110 and a re-recordable area 2120 are secured in a recording medium 2000. The re-record disable area 2110 comprises medium ID (for example, identification number inherent of disc) and the re-recordable area 2120 comprises a first type conversion (φ1) data recording area 2120A and a second type conversion (φ2) data (concealability) recording area 2120B.

[0075] Encrypted content information and encrypted copy control information are recorded in the first type conversion (φ1) data recording area 2120A as described in detail later. The key information, which encrypts the copy control information, is recorded in the second type conversion (φ2) data recording area 2120B.

[0076] FIG. 3A shows an information recording/reproducing apparatus 1000 employing the recording method of the present invention and FIG. 3B shows the recording medium 2000. The information recording apparatus 1000 has a master key generation portion 1110. The master key generation portion 1110 generates a master key Km from key group information KB read from the recording medium 2000 and information Kd (usually called a device key) possessed by the recording apparatus 1000. The master key Km is input to a 2-variable converter 1120. The 2-variable converter 1120 processes the medium ID inherent of a disc and the master key Km with 2-variable function h(x, y) so as to generate a medium inherent key Ku.

[0077] The medium inherent key Ku and title key KT1 (corresponding to the title of content C1) are input to an encryption portion 1130. The encryption portion 1130 encrypts the title key KT1 using the medium inherent key Ku so as to obtain encrypted title key E(Ku, KT1).

[0078] The encrypted title key E(Ku, KT1) is input to the encryption portion 1160. The encryption portion 1160 encrypts the encrypted title key E(Ku, KT1) using a random number EMI from a random number generator 1170 so as to obtain a double encrypted title key E(EMI, E(Ku, KT1)). The double encrypted title key E(EMI, E(Ku, KT1)) is converted by a converter 1180 for carrying out data conversion according to the conversion rule φ1 and recorded in the re-recordable area of the recording medium 2000 as a converted double encrypted title key φ1(E(EMI, E(Ku, KT1))).

[0079] The title key KT1 encrypts the content C1 through an encryption portion 1140. The encrypted content E(KT1, C1) is converted by a converter 1190 having the conversion rule φ1 and recorded in the re-recordable area of the recording medium 2000 as converted encrypted content φ1(E(KT1, C1)).

[0080] Further, a random number EMI from a random number generator 1170 is input to an encryption portion 1190, encrypted by the medium inherent key Ku and output as an encrypted random number E(Ku, EMI). The encrypted random number E(Ku, EMI) is converted by a converter 1200 having the conversion rule φ2 and output as converted encrypted random number φ2(E(Ku, EMI)). The converted encrypted random number φ2(E(Ku, EMI)) is recorded in the re-recordable area of the recording medium 2000.

[0081] FIG. 3B shows information recorded in the recording medium 2000 through the above-described recording processing. A re-record disable area 2110 and re-recordable area 2120 are provided in the recording medium 2000. The re-record disable area 2110 comprises medium ID (for example, identification number inherent of disc). The re-recordable area 2120 comprises the first type conversion (φ1) data recording area 2120A and the second type conversion (φ2) data (secret) recording area 2120B.

[0082] The converted encrypted random number φ2(E(Ku, EMI)) is recorded in the second type conversion (φ2) data recording area 2120B and the converted double encrypted title key φ1(E(EMI, E(Ku, KT1))) and the converted encrypted content φ1(E(KT1, C1)) are recorded in the first type conversion (φ1) data recording area 1210A.

[0083] FIG. 4 shows an apparatus for reading and decrypting information in the recording medium 2000, recorded in the above-described manner.

[0084] An information reproducing apparatus 3000 has a master key generation portion 3110. The master key generation portion 3110 generates a master key Km from key group information KB read from the recording medium 2000 and information Kd (usually called device key) possessed by the information reproducing apparatus 3000. The master key Km is input to a 2-variable converter 3120. The 2-variable converter 3120 processes the medium ID inherent of disc and the master key Km with 2-variable function h(x, y) so as to generate a medium inherent key Ku.

[0085] The medium inherent key Ku acquired here is the same as the medium inherent key Ku shown in FIG. 3A. The reason is that if the content of the key group information KB shown in FIG. 3A is the same as that of the medium ID, the relation between the key group information KB and the device key Kd is devised so as to obtain the same content as in FIGS. 4 and 3A for the medium inherent key Ku. That is, information corresponding to the device key Kd is contained in the key group information KB. In an illegal apparatus, because no information corresponding to the device key Kd is contained in the key group information KB, no correct master key Km is acquired, and consequently, no correct medium inherent key Ku is acquired. If any illegal apparatus is found, a disc provider deletes information corresponding to that illegal apparatus from the key group information KB for next sale. As a result, distribution of illegal copies can be prevented.

[0086] The converted encrypted random number φ2(E(Ku, EMI)) read from a disc 2000 is input to a converter 3200 having an inverse-conversion rule φ2⁻¹ of the conversion rule φ2 and inversely converted, and then decrypted to the encrypted random number E(Ku, EMI). Then, the encrypted random number E(Ku, EMI) is decrypted by a decryption portion 3190 using the device inherent key Ku, so that the random number EMI is acquired.

[0087] The converted double encrypted title key φ1(E(EMI, E(Ku, KT1))) and converted encrypted content φ1(E(KT1, C1)) read from a disc are input to converters 3180 and 3150 having an inverse-conversion rule φ1⁻¹ of the conversion rule φ1 and inversely converted so as to acquire the double encrypted title key E(EMI, E(Ku, KT1)) and the encrypted content E(KT1, C1).

[0088] The double encrypted title key E(EMI, E(Ku, KT1)) is decrypted by a decryption portion 3160 using the random number EMI so as to acquire the encrypted title key E(Ku, KT1). Further, the encrypted title key E(Ku, KT1) is decrypted by a decryption portion 3130 using the previous medium inherent key Ku so as to acquire the title key KT1.

[0089] The encrypted content E(KT1, C1) is decrypted by a decryption portion 3140 using the title key KT1.

[0090] As for the relation between the conversion rule φ1 and the conversion rule φ2, even if the component X provided by conversion based on the conversion rule φ2 is inversely converted according to the inverse-conversion rule φ1⁻¹, the component X is not obtained. That is, it is natural that the relation satisfying φ1⁻¹(φ2(X))≠X exists. Thus, even if the entire re-recordable area is backed up or restored to execute illegal copy of the content, no apparatus but an authentic recording/reproducing apparatus can decode the content correctly.
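The recording chain of FIG. 3A, the reproduction chain of FIG. 4 and the relation between φ1 and φ2 described above, as an added Python sketch that is not part of the patent text. The cipher E (an XOR keystream built from HMAC-SHA256), the function h, the byte-level φ1 and φ2, all class and function names, and the modelling of area 2120B as never visible to the host are assumptions; Km is passed in directly instead of being derived from KB and Kd, and each recording pass is assumed to draw a fresh EMI.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def h(medium_id: bytes, km: bytes) -> bytes:
    """2-variable function h(x, y): medium ID and master key Km -> medium inherent key Ku."""
    return hmac.new(km, medium_id, hashlib.sha256).digest()


def E(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream; E is its own inverse."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


D = E  # decryption equals encryption for the XOR stand-in


# Conversion rules (assumptions): two invertible byte maps chosen so that phi1_inv(phi2(X)) != X.
def phi1(x: bytes) -> bytes:
    return bytes(b ^ 0x5A for b in x)


phi1_inv = phi1  # XOR with a constant is self-inverse


def phi2(x: bytes) -> bytes:
    return bytes(((b << 3) | (b >> 5)) & 0xFF for b in reversed(x))


def phi2_inv(y: bytes) -> bytes:
    return bytes(((b >> 3) | (b << 5)) & 0xFF for b in reversed(y))


@dataclass
class Medium:
    medium_id: bytes                              # re-record disable area 2110
    area_a: dict = field(default_factory=dict)    # area 2120A: phi1-converted data
    area_b: bytes = b""                           # area 2120B: phi2-converted data


def record(m: Medium, km: bytes, kt1: bytes, c1: bytes) -> None:
    """Recording side (FIG. 3A)."""
    ku = h(m.medium_id, km)
    emi = os.urandom(16)                          # random number generator 1170
    m.area_a = {
        "title_key": phi1(E(emi, E(ku, kt1))),    # phi1(E(EMI, E(Ku, KT1)))
        "content": phi1(E(kt1, c1)),              # phi1(E(KT1, C1))
    }
    m.area_b = phi2(E(ku, emi))                   # phi2(E(Ku, EMI))


def reproduce(m: Medium, km: bytes) -> bytes:
    """Reproducing side (FIG. 4); wrong keys yield garbage bytes, not an error."""
    ku = h(m.medium_id, km)
    emi = D(ku, phi2_inv(m.area_b))
    kt1 = D(ku, D(emi, phi1_inv(m.area_a["title_key"])))
    return D(kt1, phi1_inv(m.area_a["content"]))


def host_copy(src: Medium, dst: Medium) -> None:
    """Host-side backup/restore: only phi1 data is modelled as leaving the drive."""
    dst.area_a = dict(src.area_a)


def demo() -> tuple:
    km = hashlib.sha256(b"constructed master key").digest()   # constructed sample value
    kt1 = os.urandom(16)
    c1 = b"constructed sample content C1"
    disc1 = Medium(b"MEDIUM-ID-0001")              # constructed medium IDs
    disc2 = Medium(b"MEDIUM-ID-0002")

    record(disc1, km, kt1, c1)
    original_plays = reproduce(disc1, km) == c1

    record(disc2, km, os.urandom(16), b"unrelated")  # disc2 holds its own recording
    host_copy(disc1, disc2)                        # phi1 area only: disc1's EMI is missing
    copy_plays = reproduce(disc2, km) == c1

    disc2.area_b = disc1.area_b                    # bit-for-bit clone: Ku still differs
    clone_plays = reproduce(disc2, km) == c1

    backup = dict(disc1.area_a)                    # host backup of the phi1 area
    record(disc1, km, kt1, c1)                     # re-record: fresh EMI in area 2120B
    disc1.area_a = backup                          # host restores the old phi1 data
    rollback_plays = reproduce(disc1, km) == c1

    return original_plays, copy_plays, clone_plays, rollback_plays


if __name__ == "__main__":
    print(demo())
```

Only the first case reproduces C1: the copy lacks the matching EMI, the bit-for-bit clone derives a different Ku from its own medium ID, and the restored backup no longer matches the EMI currently held in area 2120B.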

[0091] By generating a medium inherent key Ku with a random number generator instead of generating the medium inherent key Ku from the key group information KB, device key Kd, and medium ID, a medium having only a re-recordable area as shown in FIG. 1A can contain the same content concealability function as a medium having a reading only area (re-record disable area) and a re-recordable area (reading and recording enable area).

[0092] According to this embodiment, concealability of administration information is improved as described above. The reason is that the control information is encrypted and the key information which encrypts the control information is also encrypted. For the encrypted control information (first information) and encrypted key information (second information), one conversion rule is φ1 while the other conversion rule is φ2. Further, processings based on the conversion rule φ2 and inverse-conversion rule φ2⁻¹ are executed inside the apparatus. Thus, if the copy control information (“check-out” and “check-in” information) is included in the administration information, no one can rewrite the content of the copy control information, or steal it. In the meantime, the conversion and inverse-conversion may be carried out in various ways, including conversion of channel bit, modulation, addition or subtraction of specific data and the like.

[0093] According to this embodiment, as described above, concealability in recording or reproduction of key information is improved through use of a cheap recording medium so as to prevent illegal copy of its content.

[0094] Other embodiments of the present invention will be described. The same portions as those of the first embodiment will be indicated by the same reference numerals and their detailed description will be omitted.

[0095] Second Embodiment

[0096] [I: example of system in which the embodiment of the present invention functions effectively]

[0097] FIG. 5 shows signal processing in a recording medium in a copyright protecting system for a DVD-video signal. In data control processing, a video/audio information signal is compressed using MPEG, or the like, and further formatted to a digital data stream having a reproduction control signal or the like added thereto (step S1).

[0098] Digital data is divided into sectors of packet data each having the unit of “2K bytes” (step S2) and an ID which is a sector number is attached to each sector (step S3). Next, data is encrypted (data scramble) (step S4). An error detecting code EDC is attached to the encrypted data (step S5). A data portion is scrambled according to a code determined by ID information so as to stabilize the servo system in reproduction operation (step S6).

[0099] The data scramble here is different from the data scramble for the above-described encryption, so that data is scrambled with open contents. If digital data is “all 0” or in a similar case, recording data turns out to be a repetition of the same pattern. In this case, a disc system may have a problem in that a tracking servo error signal cannot be detected accurately, due to cross-talk of an adjacent track. The initial value of an M system generator is determined by an ID value. By multiplying a signal from the M system generator with digital data, data scramble is carried out. This prevents the scrambled recording signal from being a repetition of the same pattern. In this specification, the “data scramble” used for servo stabilization will not be described any more but the “data scramble” described elsewhere in this specification indicates that used for encryption processing for protection of copyright of information.

[0100] The digital data subjected to the above-described processing is converted to blocks based on the error correction code ECC so as to execute error correction processing for every 16 sectors (step S7), and error correction codes of an inner-code parity PI and an outer-code parity PO are generated (step S8).

[0101] The outer-code parity PO is distributed in each sector by interleave processing so that a recording sector is constructed (step S9). The recording sector data is modulated through a modulating circuit (step S10) and the modulated signals are recorded by cutting an original disc through a driver and a pickup device. FIG. 5 shows the same structure as a marketed recording/reproducing apparatus whose pickup portion has a different power.

[0102] Based on the original disc, a disc manufacturing mold is produced through a disc manufacturing process and then, a large number of discs are copied using an injection machine and provided to the market as a DVD-ROM disc in which video signals are recorded.

[0103] FIG. 6 shows the structure of the data sector of FIG. 5.

[0104] The data sector is constituted of 172 bytes (=1 row)×12 rows and sector identification information ID comprised of a sector number and sector information is disposed at the head row, followed by an ID error detecting code IED, information concerning protection of copyright CPR_MAI, a 2-K byte main data area and finally an error detecting code EDC for main data.

[0105] FIG. 7 shows the structure of the ECC block. In data of 172 bytes×192 rows constituted by gathering 16 of the data sectors in FIG. 5, the outer-code parities POs of 16 bytes (16 rows) are generated to each column (vertical direction) while the inner-code parities PIs of 10 bytes (10 columns) are generated to each row (lateral direction). Here, the outer-codes PO of 16 rows (16 bytes) are distributed such that a row (172 bytes) is interleaved for every 12 rows (each sector).

[0106] FIG. 8 shows the structure of a sector picked out from respective sectors after the outer-codes POs are interleaved. This is called a recording sector. (12+1) rows are provided because a part (a single row) of the outer-code parities POs is added to the sector (12 rows) shown in FIG. 6.

[0107] FIG. 9 shows the structure of the ECC block comprised of 16 recording sectors. That is, 16 of the recording sectors shown in FIG. 8 are gathered.

[0108] FIG. 10 shows the structure of a physical sector generated by passing the data stream of each recording sector through a modulator.

[0109] The modulator code-modulates each data symbol (1 byte=8 bits) to 16 channel bits. FIG. 11 shows a part of a code conversion table for the modulator used in the DVD standard. When code-modulating of a data symbol is carried out, synchronous signals (sync SY0 to sync SY7) are attached to the head and intermediate position of each row of the recording sector. The syncs are disposed such that the combination of sync patterns differs depending on each row, and the position in row of each sector can be found depending on the combination of the sync patterns upon reproduction processing.

[0110] As shown in FIG. 10, a pair of sync frames of (32+1456) channel bits constructs a single row. For example, at the first row of FIG. 10, SY0 and SY5 are sync frames. Gathering 13 of such rows constructs the physical sector.

[0111] In such a DVD, protection on information is carried out for video signals to be recorded in a ROM disc specialized for reproduction as copyright protection system. In this case, a copy protection system called a content scramble system (CSS) is employed as the copyright protection system. However, the copy protection system is not a complete system. If the total data of a disc is backed up and restored, such a high level control as “check-in” processing cannot be carried out.

[0112] FIG. 11 shows a part of the modulation type code conversion table used for the DVD standard. Because the DVD uses the relation of data symbol=1 byte (8 bits), code words each of 16 channel bits are allocated to 256 data symbols from “0” to “255”. In the code word of 16 channel bits, the distance from “1” to next “1” is in a range of 3 to 11 bits. When a code word is connected to another code word also, the distance from “1” to next “1” is in a range of 3 to 11 bits. For this reason, four tables, State-1 to State-4, are prepared for each data symbol. As for each code word to be used upon modulating the data symbol, the state (or table) in which a code word to be used next exists is determined preliminarily.

[0113] As for the modulation method, in channel bit data formed as a result of selection from the code word of the modulation table, the polarity of the recording signal is inverted according to the Non-Return to Zero Inverse conversion (NRZI) method when the code word is “1.” As a result of the inversion, in the recording signal, its continuous “1” is in a range of 3 to 11, while its continuous “0” is in a range of 3 to 11.

[0114] [II: Problem which attention is paid to]

[0115] FIG. 12 shows a case for copying an entire disc or an example of a process for illegal copy. Generally, the recording/reproducing drive used in a computer does not discriminate the contents (contents of information and control code for information and the like) recorded in a medium because it aims at recording/reproducing information according to an instruction sent from a PC. For this reason, read out data is open.

[0116] If all data read out by a reproducing drive X is recorded in the order of read-out by a recording drive Y as shown in FIG. 12, a plurality of recorded recording media are produced. Basically, the drive comprises an ECC processing portion, a modulating portion, a write processing portion and a read processing portion.

[0117] [III: Example of recording medium]

[0118] FIG. 13 is an explanatory diagram showing an area in the recording medium in which information is recorded or reproduced and its internal configuration. The recording medium 200 comprises a re-record disable area 211 and a re-recordable area 212. The re-record disable area 211 stores key group information KB and medium ID (for example, identification number inherent of disc) and the re-recordable area 212 stores a first type modulation (φ1) data recording area 212A and a second type modulation (φ2) data (concealability) recording area 212B.

[0119] As described in detail later, the modulated encrypted content information φ1(E(KT1, C1)) obtained by modulating the encrypted content information according to the first modulation rule φ1 is recorded in the first modulation rule (φ1) data recording area 212A. Further, modulated encrypted key information φ2(E(Ku, EMI)) obtained by modulating the encrypted key information according to the second modulation rule φ2 is recorded in the second modulation rule (φ2) data recording area 212B. That is, the modulated encrypted content information φ1(E(KT1, C1)) and the modulated encrypted key information φ2(E(Ku, EMI)), which are obtained according to different modulation methods, are recorded in the re-recordable area 212.

[0120] [IV: Example of allocation of first modulation rule (φ1) signal and second modulation rule (φ2) signal]

[0121] FIG. 14 shows an example of a recording area in the physical sector of the modulated encrypted content information φ1(E(KT1, C1)) and the modulated encrypted key information φ2(E(Ku, EMI)).

[0122] In the DVD system, as described in FIG. 10, an ECC block (physical sector) after the modulation is built up. According to this embodiment, a part or all portions (portion indicated with oblique lines) of a specific frame in a specific physical sector is replaced with the modulated key information φ2(E(Ku, EMI)) generated according to the second modulation rule φ2. In this example, the frames to which synchronous codes SY2, SY5, SY3 and SY7 are to be attached are replaced.

[0123] Although an error occurs on the main data side, an increase of errors in a range which can be corrected is no problem. Although the initial position in the physical sector is specified as a place in which the second modulation rule φ2 signal is embedded, it is possible to write a position signal with specific information into a previous place for subsequent positions so that that position is not seen from outside.

[0124] FIGS. 15 to 18 show various examples of a method of embedding a modulated signal generated by the second modulation rule φ2.

[0125] FIG. 15 is a diagram showing a first example of encrypted key embedding technology. A special pattern not used in main data modulation is embedded in a part (portions of G, H, I, J) of a specific frame (symbol “a”) in FIG. 15 as a synchronous signal SY-CP for encrypted key embedding position and subsequently, parts of an encrypted key of several data symbols CP6 and CP7 are embedded (symbol b). If parts of these encrypted keys are extracted from other frames and gathered, the entire encrypted key can be acquired as indicated by symbol c. An error correction code ECC is attached to the encrypted key data so as to improve data reliability. That is, the encrypted key information is handled as an object for error symbol correction, so that an ultimate accurate encrypted key information can be restored.

[0126] In this case, the encrypted key information data may be modulated using the first modulation rule φ1. The special pattern SY-CP exists in a data area if it is viewed from the main data area so that it becomes error data. Therefore, even if the SY-CP is demodulated (φ1⁻¹) corresponding to the first modulation rule φ1 and then modulated according to the first modulation rule φ1, the same SY-CP pattern is not acquired. As a result, the synchronous code SY-CP disappears in a copy disc. Because the SY-CP has disappeared, the encrypted key cannot be extracted, so that creation of an illegal copy disc is disabled.

[0127] FIG. 16 is a diagram showing a second example of encrypted key embedding technology. In the physical sector, the main data is allocated in 16 channel bits subsequent to a synchronous signal SYNC. A predetermined channel bit or 8-channel bit dummy data 20D is disposed subsequent to the synchronous code SYNC and encrypted key parts are embedded succeeding to the dummy data 20D.

[0128] That is, the symbol division points are made different between the main data and the encrypted key, so that the modulated encrypted key information is not correctly demodulated by demodulation (φ1⁻¹) corresponding to the first modulation rule φ1.

[0129] In order to correctly decrypt the key information, the modulated encrypted key information is processed by demodulation (φ2⁻¹) corresponding to the second modulation rule φ2. If the dummy portion 20D is known preliminarily, the subsequent key data may be correctly demodulated.

[0130] FIG. 17 is a diagram showing a third example of the modulated encrypted key information. According to the code conversion table for DVD modulation shown in FIG. 11, an 8-bit data symbol is converted to a 16-channel bit. If the bit distance from “1” to next “1” in the channel bit is restricted to 3 to 11 bits, another conversion table cannot be constructed without using a pattern used in the one conversion table.

[0131] If a data symbol (8 bits) is converted to modulation channel bits based on the second modulation rule φ2, it is constructed with a larger channel bit. In this case, conversion tables corresponding to modulation and demodulation are provided on modulation and demodulation sides.

[0132] FIG. 17 shows an example that an 8-bit data symbol is converted to a larger bit, for example, 24-channel bits. Such a bit conversion enables demodulation of the encrypted key information through only a correct apparatus.

[0133] FIG. 18 shows the relation of that conversion. The main data to be converted according to the table of the first modulation rule φ1 is converted to 16-channel bits (symbols “a” and “b”). In the encrypted key to be converted according to the second modulation rule φ2 table, the 8-bit data symbol is converted to 24-channel bits (symbols c to d).

[0134] The 16-channel bits of the 24-channel bits are embedded into a 16-channel bit area on the front half or rear half of the 24-channel bits as a pattern which is not used in the first modulation rule φ1 (portions indicated with symbols d and e). When extracting a modulated signal of the above-described encrypted key, a modulated signal is extracted from a preliminarily known area and the encrypted key can be demodulated by using an independent conversion table.

[0135] Another embodiment may be achieved as follows. That is, if in the symbol data CPn=CP0, CP1, CP3, . . . , n is even and odd, a place in which a pattern that is not used in the first modulation rule φ1 should be embedded may be set up in the front half and the rear half. An example in which the pattern that is not used in the first modulation rule φ1 is embedded in the front half is indicated with the symbol d, while an example that it is embedded in the rear half is indicated with the symbol e.

[0136] When the modulated signal of an encrypted key is extracted in this case, it is permissible to extract the modulated signal from a preliminarily known area and demodulate the encrypted key using the independent conversion table.

[0137] For example, in the main data modulator (first modulation rule φ1) based on the DVD standard, the distance from “1” to next “1” is 3 to 11 bits and a SYNC frame uses a 14-channel bit pattern. Then, a 12-channel bit pattern, which is gained by dividing the 24-channel bit pattern, is disposed at the front half or rear half of the SYNC frame of a specific portion.

[0138] If the specific information is embedded in the physical sector, a pattern modulated by the second modulation rule φ2 is demodulated by demodulation φ1⁻¹ corresponding to the first modulation rule φ1. Even if this data is modulated again according to the first modulation rule φ1 and converted to a recording pattern, copy of correct encrypted key information is disabled.

[0139] FIG. 18 shows an example that a channel bit stream connected to a data symbol CP2 of the modulated encrypted key information is demodulated by demodulation φ1⁻¹. Although in the case of demodulation φ1⁻¹, input data is divided by 16-channel bits and then demodulated, the first 16-channel bit pattern is not returned to its original pattern (although data depends on a demodulating hardware circuit).

[0140] Subsequently, the 8-channel bit pattern is coupled with the 8-channel bit pattern at the head side of a data symbol CP3 so as to form a 16-channel bit pattern, so that data “X” obtained based on that 16-channel bit pattern is demodulated (symbols f and g).

[0141] If such data is passed through the error correction circuit, the encrypted key information disappears by the correction processing.

[0142] However, if data which is not subjected to the error correction processing is transmitted out, this can be the same in the original 8-channel bits on the rear half side of the data symbol CP2 and 8-channel bits on the front half side by copy processing through the illegal copy path shown in FIG. 12. However, if such illegal copy is executed, the data symbols CP2 and CP3 cannot be copied because the 16-channel bit pattern on the front half side or the rear half side are of the same pattern. Consequently, the encrypted key is difficult to copy illegally.

[0143] If this structure is introduced, illegal copy of the encrypted key can be prevented even if there are few patterns which are used in the conversion table used for modulation of the main data.
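The 24-channel-bit embodiment of paragraphs [0131] to [0141] can be modelled in a few lines. The following is an added example, not code from the specification: the two tables are constructed here from a simple run-length rule (they are not the DVD code conversion table of FIG. 11), and the 8-bit filler `TAIL`, the embedding position `AT`, the sample data and the 0x00 substitution for error words are all assumptions.

```python
# Toy model of the two modulation rules. The tables are constructed here;
# they are NOT the DVD code conversion table of FIG. 11.

def rll_words(n=16, dmin=3, dmax=11):
    """All n-bit channel words whose consecutive '1's are dmin..dmax bits apart."""
    words = []
    for v in range(1 << n):
        w = format(v, f"0{n}b")
        ones = [i for i, c in enumerate(w) if c == "1"]
        if all(dmin <= b - a <= dmax for a, b in zip(ones, ones[1:])):
            words.append(w)
    return words

WORDS = rll_words()                                    # more than 512 candidate words
PHI1 = {s: WORDS[s] for s in range(256)}               # rule phi1: 8 bits -> 16 channel bits
PHI1_INV = {w: s for s, w in PHI1.items()}
TAIL = "00010010"                                      # assumed 8-bit filler of a phi2 word
PHI2 = {s: WORDS[256 + s] + TAIL for s in range(256)}  # rule phi2: 8 bits -> 24 channel bits,
PHI2_INV = {w: s for s, w in PHI2.items()}             # front 16 bits are unused by phi1

def mod1(data):
    return "".join(PHI1[b] for b in data)

def demod1(bits):
    """phi1^-1: cut into 16-bit words; a word outside the table is an error (None)."""
    return [PHI1_INV.get(bits[i:i + 16]) for i in range(0, len(bits) - 15, 16)]

def mod2(data):
    return "".join(PHI2[b] for b in data)

def demod2(bits):
    """phi2^-1: cut into 24-bit words; any unknown word makes the key unreadable."""
    syms = [PHI2_INV.get(bits[i:i + 24]) for i in range(0, len(bits) - 23, 24)]
    return None if None in syms else bytes(syms)

def write_sector(main, key, at_symbol):
    """Modulate main data with phi1, then overwrite a known span with phi2(key)."""
    channel, start, emb = mod1(main), at_symbol * 16, mod2(key)
    return channel[:start] + emb + channel[start + len(emb):]

def read_key(channel, at_symbol, key_len):
    start = at_symbol * 16
    return demod2(channel[start:start + 24 * key_len])

def copy_through_ordinary_drive(channel):
    """Reading drive applies phi1^-1, recording drive applies phi1 (the FIG. 12 path).
    Error words become 0x00, a stand-in for whatever the ECC stage would output."""
    return mod1(bytes(0 if s is None else s for s in demod1(channel)))

# Constructed sample values
MAIN = bytes(range(40))              # stand-in for 40 main-data symbols
KEY = bytes.fromhex("a55a3cc3")      # stand-in for 4 symbols of E(Ku, KT1)
AT = 10                              # embedding position known to a compliant drive

DISC = write_sector(MAIN, KEY, AT)
COPY = copy_through_ordinary_drive(DISC)

if __name__ == "__main__":
    print("key read from original:", read_key(DISC, AT, len(KEY)))
    print("key read from copy    :", read_key(COPY, AT, len(KEY)))
    print("phi1^-1 over key span :", demod1(DISC)[AT:AT + 6])
```

The main data outside the embedded span survives the copy unchanged, which is the property paragraph [0123] relies on when it treats the span as correctable errors.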

[0144] FIG. 19 shows an example of the structure of the apparatus for carrying out the above-described processing.

[0145] A portion indicated with a block LCM denotes a content usage/control device. Reference numeral 400 denotes a drive and reference numeral 200 denotes a recording medium (for example an optical disc). The key group information KB and medium ID are recorded in the re-record disable area of the optical disc 200.

[0146] The content usage/control device LCM comprises a control information storage portion 501, master key generation portion 502, 2-variable converter 503, and encryption portions 504 and 505. Further, an authentication/control portion 506 for executing mutual authentication with the drive 400 is provided.

[0147] The drive 400 includes an authentication/control portion 401 for executing mutual authentication with the content usage/control device LCM, error correction code processing portion 402, modulator 403, error correction code processing portion 404, modulator 405, and write control portion 406. A read control portion 407 is also provided. Although usually, the write control portion 406 and the read control portion 407 are constructed integrally as an optical head control portion, they are provided for each function here. The mechanical operating portion, optical output portion and the like of the pickup portion (PUP) shown in FIG. 4 are not included in the write control portion 406 and the read control portion 407. The write control portion 406 and the read control portion 407 are constructed as an electric circuit portion, preferably as a semiconductor device.

[0148] Now, the operation for recording the content C1 (including control information for reproducing the content C1) into the recording medium 200 will be described. A “check-out” instruction for the content C1 is given to the authentication/control portion 401 of the drive 400 through the authentication/control portion 506. After the “check-out” instruction is received, the authentication/control portions 506 and 401 carry out mutual authentication. That is, whether they are devices permitted to exchange data between each other is certified. If the number of “children” which can be checked out of the content C1 described in the control information storage portion 501 is 0, the processing is terminated.

[0149] If the mutual authentication is carried out normally, mutual communication data between the content usage/control device LCM and the drive 400 is scrambled with a common key shared upon the mutual authentication.

[0150] The drive 400 reads the key group information KB and medium ID from the recording medium 200 through the read control portion 407 and transfers them to the content usage/control device LCM.

[0151] The master key generation portion 501 generates master key Km from the key group information KB read from the recording medium 200 and information Kd (usually called a device key) possessed by the recording/reproducing apparatus 100. The master key Km is input to the 2-variable converter 503. The 2-variable converter 503 processes the medium ID and master key Km inherent of the disc according to the 2-variable function h(x, y) so as to generate the medium inherent key Ku.

[0152] The medium inherent key Ku and the title key KT1 (corresponding to the title of the content C1) are input to the encryption portion 504. The encryption portion 504 encrypts the title key KT1 with the medium inherent key Ku so as to obtain encrypted title key E(Ku, KT1). The encrypted title key E(Ku, KT1) is transmitted to the drive 400. The title key KT1 encrypts the content C1 with the encryption portion 505. The encrypted content E(KT1, C1) is transmitted to the drive 400.

[0153] In the drive 400, the error correction code processing portion 402 attaches the error correction code (described in FIGS. 7 to 9) to the encrypted title key E(Ku, KT1) and supplies it to the modulator 403. The modulator 403 modulates the encrypted title key E(Ku, KT1) subjected to error correction processing according to the second modulation rule φ2. The modulated encrypted title key φ2(E(Ku, KT1)) is supplied to the write control portion 406.

[0154] The error correction code processing portion 404 attaches the error correction code (described in FIGS. 7 to 9) to the encrypted content E(KT1, C1). The encrypted content subjected to this processing is modulated with the modulator 405 having the first modulation rule φ1 and is supplied to the write control portion 406 as the modulated encrypted content φ1(E(KT1, C1)).

[0155] Here, the write control portion 406 embeds the modulated encrypted title key φ2(E(Ku, KT1)) into a specific frame of the physical sector as described with reference to FIGS. 14 to 18. The output (physical sector) of the write control portion 406 is written into the re-recordable area of the recording medium 200 and then, the “check-out” is terminated.

[0156] The content usage/control device LCM carries out the following processing for control information in the control information storage portion 501. The medium ID of a disc which is a “check-out” destination of the content C1 is employed as a descriptor and the number N of children which can be checked out is subtracted by 1 so as to secure (N−1).

[0157] FIG. 20 shows functional blocks for reproducing information recorded in the recording medium 200 as described above. If it is intended to reproduce the content C1, a reproduction instruction for the content C1 is transmitted from the content usage/control device LCM to the drive 400 through the authentication/control portion 506. The content usage/control device LCM and the drive 400 carry out mutual authentication through their authentication/control portions 506 and 401. If mutual authentication is achieved correctly, mutual transmission is started. The mutual communication data between the content usage/control device LCM and the drive 400 is scrambled with a common key shared upon the mutual authentication.

[0158] The drive 400 reads out the key group information KB and medium ID from the recording medium 200 through the read control portion 407 and transmits them to the content usage/control device LCM.

[0159] The physical sector of the recording medium is read through a read control portion 407 a. As described previously, the modulated encrypted content φ1(E(KT1, C1)) and the modulated encrypted title key φ2(E(Ku, KT1)) are embedded in the physical sector. Because an embedding position is known preliminarily or it has a synchronous signal SYN-CP, the read control portion 407 a separates the modulated encrypted title key φ2(E(Ku, KT1)) and the modulated encrypted content φ1(E(KT1, C1)).

[0160] The modulated encrypted title key φ2(E(Ku, KT1)) is input to a demodulator 403 a which executes inverse-conversion (demodulation) φ2⁻¹ of the second modulation rule φ2. The demodulated encrypted title key E(Ku, KT1) is input to an error correction code processing portion 402 a. The modulated encrypted content φ1(E(KT1, C1)) is input to a demodulator 405 a which executes inverse-conversion (demodulation) φ1⁻¹ of the first modulation rule φ1. The demodulated encrypted content E(KT1, C1) is input to an error correction code processing portion 404 a.

[0161] As for the relation between the first modulation rule φ1 and the second modulation rule φ2, even if a component X modulated according to the second modulation rule φ2 is demodulated based on the demodulation rule φ1⁻¹ of the first modulation rule φ1, the component X is not regained. That is, there is a relation satisfying φ1⁻¹(φ2(X))≠X.

[0162] The demodulated encrypted title key E(Ku, KT1) is subjected to error correction processing at the error correction code processing portion 402 a and transmitted to the content usage/control device LCM through the authentication/control portion 401. The demodulated encrypted content E(KT1, C1) is subjected to error correction processing by the error correction code processing portion 404 a. The encrypted content E(KT1, C1) subjected to the error correction processing is transmitted to the content usage/control device LCM through the authentication/control portion 401.

[0163] In the content usage/control device LCM, the master key generation portion 501 generates the master key Km from the key group information KB read from the recording medium 200 and the information Kd (usually called device key) possessed by the recording/reproducing apparatus 100. The master key Km is input to the 2-variable converter 503. The 2-variable converter 503 processes the medium ID inherent of disc transmitted from the drive 400 and the generated master key Km with the 2-variable function h(x, y) so as to generate medium inherent key Ku.

[0164] In the meantime, the medium inherent key Ku is the same as the medium inherent key Ku shown in FIG. 19. The reason is that if the content of the key group information KB shown in FIG. 19 is the same as that of the medium ID, the relation between the key group information KB and the device key Kd is devised so as to obtain the same content as in FIGS. 19 and 20 under the medium inherent key Ku. That is, information corresponding to the device key Kd is included in the key group information KB. Because, in the case of an illegal apparatus, no information corresponding to the device key Kd is included in the key group information KB, no correct master key Km is acquired, and consequently, no correct medium inherent key Ku is acquired. If any illegal apparatus is found, a disc provider deletes information corresponding to that illegal apparatus from the key group information KB for next sale. As a result, distribution of illegal copies can be prevented.

[0165] The encrypted title key information E(Ku, KT1) and medium inherent key Ku transmitted from the drive 400 are input to a decryption portion 504A so as to decode the title key KT1. The encrypted content E(KT1, C1) transmitted from the drive 400 and the decrypted title key KT1 are input to a decryption portion 505A so as to decode the content C1.

[0166] FIG. 21 shows the state of information recorded in the disc (recording medium) 10 and disc 200 when “check-out” is carried out from the disc 10 to the disc 200 and the state of information recorded in the disc 200 after “check-in” from the disc 200 to the disc 10 is carried out.

[0167] If the “check-out” is executed from the disc 10 to the disc 200, the modulated encrypted title key φ2(E(Ku, KT1)) and the modulated encrypted content φ1(E(KT1, C1)) are recorded in the re-recordable area of the disc 200. Here, assume that processing “check-in” for returning information of the disc 200 to the disc 10 is carried out. Consequently, in the first example, the modulated encrypted title key φ2(E(Ku, KT1)) of the disc 200 is erased. In the second example, the modulated encrypted title key φ2(E(Ku, KT1)) is destroyed by overwrite of random data. In the third example, the modulated encrypted content φ1(E(KT1, C1)) is erased. In the fourth example, the modulated encrypted content φ1(E(KT1, C1)) is destroyed by overwrite of random data. In the fifth example, the above-described first example to the fourth example are adopted in combination. The processing which takes the shortest time is the first or the second example.

[0168] According to the above-described method, even if all information in the re-recordable area is backed up and restored, an apparatus which does not have a processing portion based on the second modulation rule φ2 cannot restore correctly. To execute the data processing based on the second modulation rule φ2, authentication processing needs to be carried out between the content usage/control device LCM and the drive 400. If the content of the disc is “checked-in” by the content usage/control device LCM, matching between the medium ID of a disc of “check-out” destination for the content C1 described in the control information of the LCM and the medium ID read out from the disc is checked. Only when both match each other, the “check-in” is carried out.

[0169] If the “check-in” is carried out, after the erasing or destruction according to the first to fifth examples is executed to a disc from which data is read, the number (number which allows the “check-out”) of children of the content C1 described in the control information is incremented by 1.
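The key derivation and the check-out/check-in bookkeeping of paragraphs [0148] to [0156] and [0163] to [0169] can be followed in a small model. This is an added example, not code from the specification: HMAC-SHA256 stands in for the 2-variable function h(x, y), a SHA-256 keystream XOR stands in for E (a toy, not a cipher to deploy), the key group information KB is modelled as one E(Kd, Km) entry per permitted device, and all names and sample values are constructed. Mutual authentication, error correction and modulation are left out.

```python
import hashlib
import hmac

def h(x, y):
    """Stand-in for the 2-variable function h(x, y); HMAC-SHA256 is an assumption."""
    return hmac.new(x, y, hashlib.sha256).digest()

def E(key, data):
    """Toy stand-in for E(key, data): XOR with a SHA-256 counter keystream.
    It is its own inverse and is NOT a cipher to deploy."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def make_kb(km, device_keys):
    """Key group information KB, modelled as one E(Kd, Km) entry per permitted device."""
    return {dev: E(kd, km) for dev, kd in device_keys.items()}

class Disc:
    def __init__(self, medium_id, kb):
        self.medium_id, self.kb = medium_id, kb   # re-record disable area 211
        self.enc_title_key = None                 # area 212B: E(Ku, KT1)
        self.enc_content = None                   # area 212A: E(KT1, C1)

class LCM:
    def __init__(self, dev, kd, title_key, content, children):
        self.dev, self.kd = dev, kd
        self.title_key, self.content = title_key, content
        self.children = children                  # N: copies that may be checked out
        self.destinations = set()                 # medium IDs of check-out destinations

    def medium_key(self, disc):
        entry = disc.kb.get(self.dev)             # absent for a device removed from KB
        if entry is None:
            return None
        km = E(self.kd, entry)                    # master key Km from KB and Kd
        return h(km, disc.medium_id)              # Ku = h(Km, medium ID)

    def check_out(self, disc):
        ku = self.medium_key(disc)
        if self.children == 0 or ku is None:
            return False
        disc.enc_title_key = E(ku, self.title_key)
        disc.enc_content = E(self.title_key, self.content)
        self.destinations.add(disc.medium_id)
        self.children -= 1
        return True

    def check_in(self, disc):
        if disc.medium_id not in self.destinations:
            return False                          # medium ID does not match the record
        disc.enc_title_key = None                 # "first example": erase the title key
        self.destinations.remove(disc.medium_id)
        self.children += 1
        return True

    def play(self, disc):
        ku = self.medium_key(disc)
        if ku is None or disc.enc_title_key is None or disc.enc_content is None:
            return None
        return E(E(ku, disc.enc_title_key), disc.enc_content)

def scenario():
    km, content = b"constructed-master-key", b"constructed content C1"
    kb = make_kb(km, {"player-A": b"Kd-A"})       # "player-B" has no entry in KB
    lcm = LCM("player-A", b"Kd-A", b"constructed-KT1!", content, children=1)
    disc1, disc2 = Disc(b"MEDIUM-0001", kb), Disc(b"MEDIUM-0002", kb)
    out = {"first_check_out": lcm.check_out(disc1),
           "second_check_out": lcm.check_out(disc2),      # N is already 0
           "play_original": lcm.play(disc1) == content}
    # Re-recordable area copied verbatim onto a disc with another medium ID
    disc2.enc_title_key, disc2.enc_content = disc1.enc_title_key, disc1.enc_content
    out["play_clone"] = lcm.play(disc2) == content
    out["check_in_clone"] = lcm.check_in(disc2)
    out["revoked_play"] = LCM("player-B", b"Kd-B", b"", b"", 0).play(disc1)
    out["check_in_original"] = lcm.check_in(disc1)
    out["children_after"] = lcm.children
    out["play_after_check_in"] = lcm.play(disc1)
    return out

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```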

[0170] The present invention is not restricted to the above-described embodiments.

[0171] FIG. 22 shows still another embodiment of the present invention and indicates a functional block for executing the “check-out.” Like reference numerals are attached to the same portions as the previous embodiment. Only portions different from the previous embodiment will be described. The inside of the drive 400 in this apparatus is different. The encrypted title key E(Ku, KT1) is supplied to an encryption portion 411. The encrypted title key E(Ku, KT1) is encrypted by the encryption portion 411 according to a random number EMI from the error correction code processing portion 412. An outer-code parity PO and an inner-code parity PI are attached to the double encrypted title key E(EMI, E(Ku, KT1)) obtained from the encryption portion 411 by the error correction code processing portion 413, so that a sector shown in FIG. 9 is acquired. That information is modulated by the modulator 414 based on the first modulation rule φ1 and output as the modulated double encrypted title key φ1(E(EMI, E(Ku, KT1))) and then input to the write control portion 406.

[0172] On the other hand, an error correction code is attached to a random number EMI by the error correction code processing portion 415 and modulated by the modulator 403 which functions based on the second modulation rule φ2. Its result is input to the write control portion 406 as the modulated random number φ2(EMI). The write control portion 406 embeds the modulated random number φ2(EMI) into a specific frame described in FIGS. 14 to 18 and writes it into the disc 200.

[0173] FIG. 23 shows a functional block for reproducing information written in the recording medium 200 as described above. When the content C1 is reproduced, a reproduction instruction for the content C1 is transmitted from the content usage/control device LCM to the drive 400 through the authentication/control portion 506. The content usage/control device LCM and the drive 400 carry out mutual authentication through their authentication/control portions 506, 401. If mutual authentication is achieved correctly, mutual transmission is started. The mutual communication data between the content usage/control device LCM and the drive 400 is scrambled with a common key shared upon the mutual authentication.

[0174] Like reference numerals are attached to the same portions as the embodiment shown in FIG. 20. Only portions different from the previous embodiments will be mentioned.

[0175] The read control portion 407 a reads the modulated double encrypted title key φ1(E(EMI, E(Ku, KT1))), modulated encrypted content φ1(E(KT1, C1)), and modulated random number φ2(EMI) from the recording medium 200. The read control portion 407 a separates this information and supplies them to corresponding demodulators 414 a, 405 a and 403 a. The modulated random number φ2(EMI) is demodulated by the demodulator 403 a, error correction processing is carried out by the error correction code processing portion 415 a and EMI is supplied to the error correction code processing portion 412 a. On the other hand, the modulated double encrypted title key φ1(E(EMI, E(Ku, KT1))) is demodulated by the demodulator 414 a and the double encrypted title key E(EMI, E(Ku, KT1)) is subjected to error correction processing by the error correction code processing portion 413 a. Then, its result is supplied to the demodulator 411 a. Here, the double encrypted title key E(EMI, E(Ku, KT1)) is demodulated using the EMI from the error correction code processing portion 412 a. Consequently, the encrypted title key E(Ku, KT1) is obtained and transmitted to the content usage/control device LCM. The other processing is the same as the example of FIG. 20.

[0176] FIG. 24 shows the encryption state of information recorded in the re-record disable area 211 and the re-recordable area 212.

[0177] FIG. 25 shows the state of information recorded in the disc (recording medium) 10 and disc 200 when “check-out” is executed from the disc 10 to the disc 200 and the state of information recorded in the disc 200 after “check-in” is executed from the disc 200 to the disc 10.

[0178] If the “check-out” is executed from the disc 10 to the disc 200, the modulated encrypted random number φ2(EMI), the modulated encrypted content φ1(E(KT1, C1)), and the modulated double encrypted title key φ1(E(EMI, E(Ku, KT1))) are recorded in the re-recordable area 212 of the disc 200. Assume that processing “check-in” for returning information in the disc 200 to the disc 10 is carried out.

[0179] Consequently, in the first example, the modulated encrypted random number φ2(EMI) in the disc 200 is erased. In the second example, the modulated encrypted random number φ2(EMI) in the disc 200 may be destroyed by overwrite of random data. In the third example, the modulated encrypted content φ1(E(KT1, C1)) is erased. In the fourth example, the modulated encrypted content φ1(E(KT1, C1)) may be destroyed by overwrite of random data. In the fifth example, the modulated double encrypted title key φ1(E(EMI, E(Ku, KT1))) may be erased or destroyed by overwrite of random data. In the sixth embodiment, the first example to the sixth example are adopted in combination. The processing which takes the shortest time is the above-mentioned first example or the second example.

[0180] The present invention is not restricted to the above-described embodiments. According to the present invention, basically when writing at least the first information K1 including the encrypted content and the second information K2 including a component for decrypting the first information K1 into a re-recordable area, the first information K1 is modulated based on the first modulation rule φ1 so as to acquire information φ1(K1) and the second information is modulated based on the second modulation rule φ2 so as to acquire information φ2(K2) and then, this information is written into the re-recordable area.

[0181] The first information K1 includes E(KT1, C1) and/or (EMI, E(Ku, KT1)). The second information K2 includes E(Ku, KT1) or EMI.
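The check-out, reproduction and check-in flow of paragraphs [0178] to [0181], as an added Python sketch that is not part of the patent. A SHA-256 XOR keystream stands in for E and two seeded byte-substitution tables stand in for the modulation rules φ1 and φ2; these stand-ins, all function names and the sample values are assumptions.

```python
import hashlib
import os
import random

def E(key: bytes, data: bytes) -> bytes:
    """Toy cipher (assumption): XOR with a SHA-256 counter keystream; self-inverse."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def make_rule(seed: int):
    """Stand-in modulation rule (assumption): byte substitution table and its inverse."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    inverse = [0] * 256
    for plain, coded in enumerate(table):
        inverse[coded] = plain
    return bytes(table), bytes(inverse)

PHI1, PHI1_INV = make_rule(1)   # first modulation rule and its demodulator
PHI2, PHI2_INV = make_rule(2)   # second modulation rule, deliberately different

def check_out(content: bytes, kt: bytes, ku: bytes, emi: bytes) -> dict:
    """Fill the re-recordable area as in [0178]."""
    return {
        "title_key": E(emi, E(ku, kt)).translate(PHI1),  # phi1(E(EMI, E(Ku, KT1)))
        "content": E(kt, content).translate(PHI1),       # phi1(E(KT1, C1))
        "emi": emi.translate(PHI2),                      # phi2(EMI)
    }

def play(disc: dict, ku: bytes) -> bytes:
    """Reproduction: demodulate, recover EMI, peel both key layers, decrypt."""
    emi = disc["emi"].translate(PHI2_INV)
    kt = E(ku, E(emi, disc["title_key"].translate(PHI1_INV)))
    return E(kt, disc["content"].translate(PHI1_INV))

def check_in(disc: dict) -> None:
    """Second example of [0179]: overwrite only phi2(EMI) with random data."""
    disc["emi"] = os.urandom(len(disc["emi"]))

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    ku, kt, emi = b"medium-key-Ku-00", b"title-key-KT1-00", b"random-number-MI"
    disc = check_out(b"protected content C1", kt, ku, emi)
    print("after check-out:", play(disc, ku))
    check_in(disc)
    print("after check-in: ", play(disc, ku))  # no longer the original content
```

Destroying only the short φ2(EMI) field leaves the title key and content on the disc but unrecoverable, which is why [0179] names the first and second examples as the fastest.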

[0182] Still another example, shown in FIG. 26, will be described. Like reference numerals are attached to the same portions as in the drive 400 shown in FIG. 22. In the example shown in FIG. 22, the random number EMI obtained from the error correction code processing portion 412 is subjected to error correction processing, modulated directly based on the second modulation rule φ2 and recorded in the recording medium 200. However, in the example of FIG. 26, the random number EMI from the error correction code processing portion 412 is introduced to the encryption portion 421 and encrypted with a drive common key Kg from a drive common key holding portion 422. An error correction code is attached to the encrypted random number E(Kg, EMI) by an error correcting portion 423 and modulated based on the second modulation rule φ2 so as to acquire modulated encrypted random number φ2(E(Kg, EMI)). Then, the modulated encrypted random number φ2(E(Kg, EMI)) is recorded in the recording medium 200.

[0183] As a result, even if, for example, the second modulation rule φ2 is leaked, the content of the random number is never decrypted immediately.

[0184] FIG. 27 shows still another embodiment of the present invention. Like reference numerals are attached to the same portions as in the drive 400 shown in FIG. 26. In the example of FIG. 27, the drive common key Kg is input to the drive inherent key generation portion 422. The drive inherent key generation portion 422 generates a drive inherent key Kud using a group key KB′. Then, a random number EMI from the error correction code processing portion 412 is encrypted by the encryption portion 421 so as to obtain the encrypted random number E(Ku, EMI). An error correction code is attached to the encrypted random number E(Kud, EMI) and modulation based on the second modulation rule φ2 is carried out so as to obtain modulated encrypted random number φ2(E(Kg, EMI)). Then, the modulated encrypted random number φ2(E(Kg, EMI)) is recorded in the recording medium 200.

[0185] As a result, when a drive which executes illegal action such as illegal copy is made evident, a disc manufacturer can block generation of a correct drive inherent key Kud in the drive which executes this illegal action by selling a disc in which part of the group key KB′ is changed.

[0186] When the above-described embodiments are carried out, it is preferable that the modulator and the demodulator in the drive 400 are constructed with a single semiconductor device in order to enhance its concealability. Further, it is also preferable that an error correction code processing portion is constructed with the modulator and demodulator in a semiconductor device. Further, the entire drive 400 including the read control portion and the write control portion may be constructed as a semiconductor device.

[0187] The recording medium having only the read enable area and re-recordable area is capable of executing the same content control by generating the medium inherent key Ku from the random number generator instead of generating from the medium ID, and Kd.

What is claimed is:
 1. An information recording method for recording content information in a recording medium having at least re-readable area, comprising: converting, based on a first conversion rule φ1, first information including a first component for obtaining content control information; converting, based on a second conversion rule φ2, second information including a second component for obtaining the first information; and writing the converted first information and the converted second information into the re-recordable area of the recording medium.
 2. The method according to claim 1, wherein the first component comprises an encrypted content control information and the second component comprises an encrypted first information.
 3. The method according to claim 1, wherein the first conversion rule φ1 and the second conversion rule φ2 satisfy φ1⁻¹(φ2(X))≠X.
 4. An information reproduction method for reproducing content information from the recording medium in which the information is recorded by the recording method according to claim 1, comprising: reading the converted first information and the converted second information from the re-recordable area of the recording medium; inverse-converting, based on a first inverse-conversion rule φ1⁻¹ of the first conversion rule φ1, the converted first information to obtain original first information; and inverse-converting, based on a second inverse-conversion rule φ2⁻¹ of the second conversion rule φ2, the converted second information to obtain original second information.
 5. The method according to claim 4, wherein the first conversion rule φ1 and the second conversion rule φ2 satisfy φ1⁻¹(φ2(X))≠X.
 6. The method according to claim 4, wherein the first component comprises an encrypted content control information and the second component comprises an encrypted first information.
 7. An information recording apparatus for recording content information in a recording medium having at least re-readable area, comprising: a first converter which converts, based on a first conversion rule φ1, first information including a first component for obtaining content control information; a second converter which converts, based on a second conversion rule φ2, second information including a second component for obtaining the first information; and a writing portion which writes the converted first information and the converted second information into the re-recordable area of the recording medium.
 8. The apparatus according to claim 7, wherein the first converter comprises: a first encrypting section which encrypts a title key for encrypting the content information to obtain an encrypted title key; and a second encrypting section which encrypts the encrypted title key based on a random number to obtain a double encrypted title key as the first information; a converter which converts, based on the first conversion rule φ1, first information, and the second converter comprises: an encrypting section which encrypts the random number based on a medium inherent key to obtain an encrypted random number as the second information; and a converter which converts, based on the second conversion rule φ2, second information.
 9. An information reproduction apparatus for reproducing content information from the recording medium in which the information is recorded by the recording apparatus according to claim 7, comprising: a reading portion which reads the converted first information and the converted second information from the re-recordable area of the recording medium; a first inverse-converter which inverse-converts, based on a first inverse-conversion rule φ1⁻¹ of the first conversion rule φ1, the converted first information to obtain original first information; and a second inverse-converter which inverse-converts, based on a second inverse-conversion rule φ2⁻¹ of the second conversion rule φ2, the converted second information to obtain original second information.
 10. The apparatus according to claim 9, wherein the second information comprises an encrypted random number; the second inverse-converter decrypts the encrypted random number to obtain the random number; the first information comprises a double encrypted title key; and the first inverse-converter comprises a first decrypting portion which decrypts the double encrypted title key based on the random number obtained by the second inverse-converter to obtain an encrypted title key, and a second decrypting portion which decrypts the encrypted title key based on a medium inherent key to obtain an original title key.
 11. An information recording method of a medium drive for recording content information in a recording medium having at least re-readable area, comprising: encrypting in the medium drive, based on a first encryption rule φ1, first information including the content information; encrypting in the medium drive, based on a second encryption rule φ2, second information including a component for obtaining the first information; and writing the encrypted first information and the encrypted second information into the re-recordable area of the recording medium.
 12. The method according to claim 11, wherein the first information comprises a key for encrypting the content information.
 13. The method according to claim 11, wherein the first encryption rule φ1 and the second encryption rule φ2 satisfy φ1⁻¹(φ2(X))≠X.
 14. The method according to claim 11, wherein the second information is supplied from an external device connected to the medium drive and comprises an encrypted title key, the title key encrypting the content information.
 15. An information reproduction method for reproducing content information from the recording medium in which the information is recorded by the recording method according to claim 11, comprising: reading the encrypted first information and the encrypted second information from the re-recordable area of the recording medium; decrypting in the medium drive, based on a first decryption rule φ1⁻¹ of the first encryption rule φ1, the encrypted first information to obtain original first information; and decrypting in the medium drive, based on a second decryption rule φ2⁻¹ of the second encryption rule φ2, the encrypted second information to obtain original second information.
 16. The method according to claim 15, wherein the first information comprises a key encrypting the content information.
 17. The method according to claim 15, wherein the first encryption rule φ1 and the second encryption rule φ2 satisfy φ1⁻¹(φ2(X))≠X.
 18. The method according to claim 15, wherein the second information is supplied to an external device connected to the medium drive and comprises an encrypted title key, the title key encrypting the content information.
 19. An information recording apparatus for recording content information in a recording medium having at least re-readable area, comprising: a first encrypting portion which encrypts, based on a first encryption rule φ1, first information including the content information; a second encrypting portion which encrypts, based on a second encryption rule φ2, second information including a component for obtaining the first information; and a writing portion which writes the encrypted first information and the encrypted second information into the re-recordable area of the recording medium.
 20. The apparatus according to claim 19, wherein the second information is supplied from an external device connected to the medium drive and comprises an encrypted title key, the title key encrypting the content information.
 21. An information reproduction apparatus for reproducing information from the recording medium in which the information is recorded by the recording apparatus according to claim 19, comprising: a reading portion which reads the encrypted first information and the encrypted second information from the re-recordable area of the recording medium; a first decrypting portion which decrypts, based on a first decryption rule φ1⁻¹ of the first encryption rule φ1, the encrypted first information to obtain original first information; and a second decrypting portion which decrypts, based on a second decryption rule φ2⁻¹ of the second encryption rule φ2, the encrypted second information to obtain original second information.
 22. The apparatus according to claim 21, wherein the second information comprises an encrypted random number; the second decrypting portion decrypts the encrypted random number to obtain an original random number; the first information comprises a double encrypted title key; and the first decrypting portion comprises a first decryptor which decrypts the double encrypted title key based on the random number obtained by the second decrypting portion to obtain an encrypted title key, and a second decryptor which decrypts the encrypted title key based on a medium inherent key to obtain an original title key.